A History of Healthcare Compliance in the United States

Chapter 1: A History of Healthcare Compliance in the United States

Introduction

  • Importance of understanding healthcare compliance history as a Certified Professional Compliance Officer (CPCO).

  • Familiarity with current healthcare regulations is crucial.

  • Memorization of all regulations is not necessary; knowing where to find resources is essential.

Objectives of Chapter 1

  • Forming an understanding of the history of healthcare compliance.

  • Understanding key agencies involved in compliance development and enforcement.

  • Demonstrating key requirements for developing, implementing, and monitoring a healthcare compliance program based on governmental regulatory guidelines.

Early Identification of Fraud and Abuse

General Accounting Office (GAO) Findings (1992)

  • The GAO identified that Medicare claims were at high risk for fraud and abuse (GAO/HR-93-6, Dec. 1992).

Office of Inspector General (OIG) Actions (1996)

  • In 1996, the OIG audited the Healthcare Finance Administration (renamed CMS) Medicare claims payment system.

  • Resulted in an estimated finding of over $23 billion in improper payments.

  • Initiated intensified provider audits and a pressing need for compliance.

  • Audits focused initially on teaching hospitals, such as the University of Pennsylvania, resulting in significant settlements for improper billing practices.

Case Study: Clinical Practices of the University of Pennsylvania (CPUP)

  • The investigation revealed teaching physicians had insufficient medical record documentation of their involvement in services provided by resident physicians.

  • Physicians were found guilty of upcoding (billed for more complex and expensive services).

  • Audits known as Physician at Teaching Hospitals (PATH) audits targeted insufficient documentation supporting services performed by teaching physicians.

Nationwide Compliance Initiatives

  • Following findings from CPUP, the OIG and DOJ created a nationwide initiative for Medicare compliance for teaching hospitals, leading to various initiatives:

    • Operation Bad Bundle: Investigated fraud related to clinical laboratories, durable medical equipment, hospice care, and home health services.

Compliance Program Guidance (CPG)

  • First Compliance Program Guidance for Hospitals issued in February 1998.

  • Additional guidance documents were published for various healthcare sectors starting from August 1998 through 2023, including:

    • Compliance Guidance for Home Health Agencies: Aug. 7, 1998.

    • Compliance Guidance for Clinical Laboratories: Aug. 24, 1998.

    • Compliance Guidance for Nursing Facilities: March 16, 2000.

    • General Compliance Program Guidance (GCPG): Announced in 2023 to modernize CPGs; applicable to all individuals and entities in the healthcare sector.

    • GCPG addresses federal fraud and abuse laws, compliance program basics, and OIG processes/resources.

Legislative Framework Guiding Compliance

Healthcare Reform Law (2010)

  • The Patient Protection and Affordable Care Act (ACA) requires a compliance and ethics program for a broad range of healthcare providers and suppliers.

Medicare Access and CHIP Reauthorization Act (MACRA) (2016)

  • Ended the Sustainable Growth Rate (SGR) formula; established the Quality Payment Program (QPP) focusing on quality of care and patient outcomes.

Regulatory Compliance Beyond Healthcare Billing

  • Health Insurance Portability and Accountability Act (HIPAA): Contains fraud and abuse provisions, as well as mandatory privacy and security compliance requirements that are overseen by the Office of Civil Rights (OCR) and HHS.

  • Department of Labor (DOL) Compliance: Regulates laws like the Fair Labor Standards Act (FLSA), Occupational Safety and Health Act (OSHA), and Civil Rights Act (CRA).

  • Laboratories are regulated by CMS and CDC, highlighting the diversity of regulations affecting healthcare providers.

Office of Inspector General (OIG)

Role of OIG

  • Established in 1976, OIG is the largest inspector general's office overseeing fraud, waste, and abuse in Medicare and Medicaid programs, with over 1,650 employees.

  • Aims to safeguard health and welfare of program beneficiaries and improve the efficiency of HHS programs.

  • The OIG’s oversight includes other HHS program agencies like NIH and FDA.

OIG's Organization Structure

  1. Immediate OIG: Administrative oversight and adherence to OIG's mission.

  2. Office of Audit Services: Conducts independent audits of HHS programs and contractors.

  3. Office of Evaluation and Inspections: National evaluations of HHS programs.

  4. Office of Management and Policy: Provides administrative support.

  5. Office of Investigations (OI): Investigates healthcare fraud and operations.

  6. Office of Counsel to the Inspector General: Legal support to the OIG.

Department of Justice (DOJ) Collaboration

  • DOJ enforces federal criminal laws, works closely with OIG on healthcare fraud investigations, composed of over 115,000 employees including lawyers.

  • DOJ's strategic goals for 2022-2026:

    • Combat pandemic fraud.

    • Reduce violent crimes and combat ransomware attacks.

    • Improve efficiency in immigration adjudication.

Compliance Tools: CIAs and CCAs

Corporate Integrity Agreements (CIAs)

  • CIAs enforce compliance within healthcare organizations through civil settlements or when individuals/entities are found guilty of defrauding federal programs.

  • CIAs align with initial Federal Sentencing Guidelines created in 1995 and serve to establish and maintain compliance programs.

  • Significance of CIAs: They prevent exclusion from Medicare and Medicaid, mandating adherence to compliance regulations.

Certification of Compliance Agreements (CCAs)

  • A simpler agreement involving providers certifying ongoing compliance with existing compliance programs, typically for a shorter fixed term (3 years).

Office of Civil Rights (OCR)

Responsibilities

  • OCR enforces civil rights laws and the HIPAA Privacy Rule to protect individuals from discrimination in healthcare services.

  • Responsible for overseeing statutes such as the Civil Rights Act of 1964 and regulations concerning Limited English Proficiency (LEP).

Limited English Proficiency (LEP)

  • Providers receiving federal funding must ensure accessibility for LEP individuals, including offering free interpreters and translated documents.

Fraud and Abuse Definitions

  • Fraud (HIPAA Definition): Knowingly executing a scheme to defraud healthcare programs.

  • Abuse (CMS Definition): Practices resulting in unnecessary costs to Medicare, distinguished from fraud by a lack of proven intent.

  • Improper Payments: Examples of fraud vs. abuse vs. waste are elaborated, illustrating the spectrum from error to intentional deception.

OIG’s Strategy to Combat Fraud, Waste, and Abuse

  • Five-Principle Strategy includes recommendations for:

    1. Enrollment Scrutiny: Screening providers before enrollment in healthcare programs.

    2. Payment Methodologies: Ensuring appropriate payment structures that limit fraud incentives.

    3. Assistance in Compliance: Promoting comprehensive compliance programs among providers.

    4. Oversight Monitoring: Enhancing program oversight for fraud monitoring and data integrity.

    5. Swift Response: Prompt action against detected fraud and enhancing penalties to deter such actions.

Types of Exclusions

Mandatory Exclusions

  • Required by law for individuals/entities convicted of healthcare fraud, patient abuse, theft, or controlled substances offenses.

Permissive Exclusions

  • OIG has discretion to exclude based on a variety of criteria such as misdemeanor convictions related to healthcare fraud.

Section Review Summary

  1. Authority on Patients' Rights: Office for Civil Rights.

  2. Department Overseeing Criminal Laws: Department of Justice.

  3. Large Inspector General's Office: HHS Office of Inspector General.

  4. Costly Medicare Practices: Abuse.

  5. OIG Oversight: Excludes DEA (handled by DOJ).

Compliance Program Essentials

  • Effective compliance programs ensure:

    • Cultural Alignment: Aligns with ethical expectations of the organization.

    • Regular Updates: Programs should be regularly reviewed and updated to remain effective.

    • Seven Elements Identified by OIG: These include policies, leadership oversight, training, communication, enforcement, risk assessment, and corrective actions.

OIG's Modernization Efforts

  • Adaptation of guidance documents to improve accessibility and usability in light of advancements in technology.

  • Implementation of a General Compliance Program Guidance with an aim to unify and enhance compliance efforts across all healthcare sectors.

Acronyms

  • CPCO: Certified Professional Compliance Officer

  • OIG: Office of Inspector General

  • ACA: Affordable Care Act

  • GCPG: General Compliance Program Guidance

  • CIAs: Corporate Integrity Agreements

  • Additional acronyms relevant throughout the text include: CMS, HIPAA, DOJ, DOL, LEP, etc.

Compliance Tip Summary

  • Compliance programs should not be mere documentations; they need to be functional and actively practiced.

  • Develop regular audits to ensure compliance and immediate responses to detected offenses.